Re: [DNSOP] ALT-TLD and (insecure) delegations.

Tony Finch <dot@dotat.at> Tue, 07 February 2017 12:11 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nKSyC5G9yLqBMVhbTwFoVeZm9iY>

Brian Dickson <brian.peter.dickson@gmail.com> wrote:
>
> Does the existence of query rewriting matter, as long as the end result
> RDATA is the expected value?
> I.e. If the query is "my-thing.foo.alt", returns a combo of "alt DNAME
> empty.as112.arpa" plus "my-thing.foo.empty.as112.arpa <RRTYPE> <RRDATA>",
> is that acceptable, as long as there is no validation failure?

If there is a local namespace squatting on .alt (directly, not on the
rewritten alt.empty.as112.arpa) then this will conflict with the DNAME in
the root, which will cause resolution failures.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Irish Sea: West or northwest 4 or 5, increasing 6 at times, becoming variable
then southeast later, 3 or 4. Slight or moderate, occasionally rough in south.
Rain or squally showers. Moderate or good.
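
Added example, not part of the message above or of any resolver's code: a simplified model of RFC 6672 DNAME substitution, using the DNAME from the quoted question (alt -> empty.as112.arpa), that reports which names in a local namespace sit directly under the DNAME owner and so conflict with it. The local name list and the function names are constructed for illustration.

```python
# Simplified model of DNAME substitution (RFC 6672). Not a resolver: it only
# works on names, with no DNSSEC validation and no caching.

# The DNAME from the quoted question: owner "alt", target "empty.as112.arpa".
ROOT_DNAME = ("alt.", "empty.as112.arpa.")

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def dname_rewrite(qname, owner, target):
    """Return the substituted name if qname is strictly below owner, else None.

    Matching is by whole labels, so "salt." is not below "alt.", and the
    owner name itself is never rewritten.
    """
    q, o = labels(qname), labels(owner)
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    prefix = q[:len(q) - len(o)]
    return ".".join(prefix + labels(target)) + "."

def check_local_names(local_names, dname=ROOT_DNAME):
    """Map each local name to the name the DNAME rewrites it to, or None.

    A non-None value means the local name lives below the DNAME owner, where
    the DNAME says no names exist: the conflict described in the reply.
    """
    owner, target = dname
    return {name: dname_rewrite(name, owner, target) for name in local_names}

if __name__ == "__main__":
    # Constructed local namespace: one name squatting directly on .alt, one
    # already placed under the rewritten target, one unrelated lookalike.
    local = [
        "my-thing.foo.alt.",
        "my-thing.foo.empty.as112.arpa.",
        "my-thing.salt.",
    ]
    for name, rewritten in check_local_names(local).items():
        if rewritten:
            print(f"{name} conflicts with the DNAME (rewritten to {rewritten})")
        else:
            print(f"{name} is not below the DNAME owner")
```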